Inspiration
Originally, we wanted to go down the Sustainability Track and create a browser extension that told the user how sustainable the website they were using was, plus tips on how to decrease their carbon footprint. However, Shahed, our back-end developer, kept going back to the data security aspect of it. In fact, no matter what project idea we pitched, Shahed continued to relate it back to data security. Eventually, Hana said, "What if we just made a project focused on cybersecurity?" So, with inspiration from the data breach tracking website 'HaveIBeenPwned', and the browser extension 'Terms of Service; Didn't Read', a combination of our carbon footprint tracker idea and Shahed's passion for data security was born: PrivacyPrint.
What it does
When a user goes to sign up to a website, PrivacyPrint will list the mandatory personal data needed to sign up for a service, and a history of that website's data breaches. This makes the service's handling of a user's data more transparent, which will allow a user to make an informed decision on whether they want to sign up for that service or not.
How we built it
The back-end is a Redis database that communicates with a Flask API server. The Redis database acts as a cache which stores the mandatory data classes such as username and password. A mandatory data class is a piece of information that a user is required to provide in order to create an account with a specific service. Breached data classes were also stored as JSON; a breached data class is a mandatory data class that has been leaked in a data breach. The front-end was designed to send POST requests to the API server, which would then send back responses containing JSON of the mandatory or breached data classes. The mandatory data classes were collected using web scraping. Instead of using a web driver like Selenium, however, the data was scraped by serializing the HTML and parsing the serialized data using regular expressions. The breached data classes were collected by making GET requests to the HaveIBeenPwned API, which returned not only the breached data classes, but also the date of the breach and the number of users affected in the breach.
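The regex-based extraction described above, as an added example (not PrivacyPrint's own code): it pulls `<input>` tags out of serialized sign-up HTML and reports the data classes of the required fields. The sample form, the keyword-to-label mapping and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: serialized HTML of a hypothetical sign-up form.
SAMPLE_HTML = """
<form action="/signup" method="post">
  <input type="hidden" name="csrf_token" value="abc123" required>
  <input type="text" name="username" required>
  <input name="email" type='email' aria-required="true">
  <input type="password" name="password" required="required">
  <input type="tel" name="phone" placeholder="required for SMS alerts">
  <input type="date" name="date_of_birth" REQUIRED />
</form>
"""

INPUT_TAG = re.compile(r"<input\b([^>]*)>", re.IGNORECASE)
# One attribute: a name, optionally followed by a quoted or bare value.
ATTR = re.compile(r"""([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?""")

# Assumed keyword-to-label mapping (hypothetical, not the project's own list).
DATA_CLASSES = [
    (re.compile(r"e-?mail", re.I), "Email addresses"),
    (re.compile(r"user|login", re.I), "Usernames"),
    (re.compile(r"pass|pwd", re.I), "Passwords"),
    (re.compile(r"phone|tel|mobile", re.I), "Phone numbers"),
    (re.compile(r"birth|dob", re.I), "Dates of birth"),
]

def parse_attrs(tag_body):
    """Return {attribute: value}; boolean attributes map to ''."""
    return {m.group(1).lower(): m.group(2) or m.group(3) or m.group(4) or ""
            for m in ATTR.finditer(tag_body)}

def is_mandatory(attrs):
    # Hidden inputs (CSRF tokens etc.) are not data the user provides.
    if attrs.get("type", "text").lower() == "hidden":
        return False
    return "required" in attrs or attrs.get("aria-required", "").lower() == "true"

def mandatory_data_classes(html):
    """List the data classes of required inputs, in page order, deduplicated."""
    found = []
    for tag in INPUT_TAG.finditer(html):
        attrs = parse_attrs(tag.group(1))
        if not is_mandatory(attrs):
            continue
        key = f"{attrs.get('name', '')} {attrs.get('type', '')}"
        label = next((lbl for rx, lbl in DATA_CLASSES if rx.search(key)),
                     f"Unclassified: {attrs.get('name', '?')}")
        if label not in found:
            found.append(label)
    return found
```

Parsing attributes as name/value pairs keeps the word "required" inside a placeholder from being counted as the `required` attribute. Regular expressions still miss forms rendered by JavaScript and tags whose attribute values contain `>`, which is the trade-off against a web driver.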
Challenges we ran into
The biggest challenge we ran into was connecting the front-end and the back-end. We were not able to do this the way that we had initially planned, which was to use a web extension written in JavaScript. However, we found that using web extension templates provided us with the necessary boilerplate code to develop a functioning front-end; however, we were not able to completely implement this due to a lack of experience with working with front-end technologies.
Accomplishments that we're proud of
Two of three members did not have a security background, but by the end of the project both members had become comfortable with understanding the importance of protecting the privacy and safety of users and how they could design services that follow modern security practices. We were also proud of being able to connect many services, such as the database, the API server and the front-end, using Docker containers built using Docker Compose and Dockerfile.
What we learned
We learned a lot regarding not only privacy and safety, which was the track that we decided to follow, but also about the importance of task distribution when working in small group projects.
What's next for PrivacyPrint
In the near future, we want to implement a rating system that rates the security of a website based on its previous data breaches. We will use a "green, yellow, red" color-coding system to make it easier for the user to perceive the rating at a glance. Seohyeon suggested we add a feature where users can report websites that were too invasive or websites that users had poor data-related experiences with. That way other users can get opinions on the website's security based on community ratings.